Security Leftovers
-
Ubuntu News ☛ Extended Security Maintenance for Ubuntu 20.04 (Focal Fossa) begins May 29, 2025
Ubuntu released its 20.04 (Focal Fossa) release 5 years ago, on March 23, 2020. As with the earlier LTS releases, Ubuntu committed to ongoing security and critical fixes for a period of 5 years.
-
Security Week ☛ Vulnerabilities Patched in Atlassian, Cisco Products
Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Oracle (expat, freetype, glibc, grub2, gvisor-tap-vsock, and kernel), Red Hat (grub2 and webkit2gtk3), and SUSE (apache2-mod_auth_openidc, cosign, gitoxide, govulncheck-vulndb, GraphicsMagick, haproxy, hauler, mozjs52, oci-cli, pam, perl-Data-Entropy, poppler, python-lxml-doc, python311-aiohttp, rekor, rubygem-rexml, and webkit2gtk3).
-
Security Week ☛ CISA Issues Guidance After Oracle Clown Hack
CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
-
Security Week ☛ MITRE Hackers’ Backdoor Has Targeted backdoored Windows for Years
Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years.
-
Security Week ☛ SonicWall Flags Old Vulnerability as Actively Exploited
A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild.
-
Security Week ☛ Chinese APT Mustang Panda Updates, Expands Arsenal
The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.
-
Fear-mongering/Dramatisation
-
Chinese Hackers Deploy SNOWLIGHT and VShell in Linux Intrusions
A new cyber campaign linked to Chinese threat actor UNC5174 is targeting Linux systems using a combination of SNOWLIGHT malware and a remote access trojan called VShell, reports The Hacker News. Researchers note that this operation relies heavily on open-source tools, which help threat actors lower costs and complicate attribution. UNC5174, previously tied to attacks involving ConnectWise and F5 vulnerabilities, now appears to be broadening its tactics to deploy fileless payloads and establish long-term access via custom bash scripts and reverse shell tools.
-
Chinese hackers set sights on Linux systems, Ivanti appliances
Initial access to Linux systems has been leveraged by Chinese state-sponsored threat actor UNC5174, also known as Uteus or Uetus, to facilitate the distribution of a nefarious bash script with SNOWLIGHT malware- and Sliver implant-associated payloads, according to an analysis from Sysdig. SNOWLIGHT then deploys the VShell remote access trojan, which allows arbitrary command execution and file uploads or downloads, said Sysdig researchers.
-
Chinese Attackers Set Sights on Linux Systems, Ivanti Appliances
-
-
Windows TCO / Windows Bot Nets
-
NVISO Labs ☛ Crisis Management – Beacon in the Storm
This entry is part 4 in the series of improving your Ransomware readiness. Continuing our series of blog posts on Ransomware and Incident Response (Part1, Part2, Part3) and following up on the recent discussion about top management preparation (ManagementPreparation), it's time to consider having an effective Crisis Management process in place.
-